CVE-2020-14169

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 43.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Server AND Data Center Atlassian Jira Atlassian Jira Software Data Center

Timeline

PublishedJul 1

Latest updateMay 24

Description

The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5atlassian/jira_server_and_data_centerunspecified — 8.9.1

▶NVDatlassian/jira_software_data_center< 8.9.1

▶NVDatlassian/jira< 8.9.1

🔴Vulnerability Details

GHSA

GHSA-773v-j8x5-p582: The quick search component in Atlassian Jira Server and Data Center before 8↗2022-05-24

▶

CVEList

CVE-2020-14169: The quick search component in Atlassian Jira Server and Data Center before 8↗2020-07-01

▶